In this timely, thought-provoking, and forward-looking book, Christina Munns, an informatics consultant based in Leeds, and Subhajit Basu, an Associate Professor in Information Technology Law at the University of Leeds School of Law, argue that patients should be empowered by “the choice of control” to make information sharing choices that will benefit themselves and society. Fundamentally, Privacy and Healthcare Data is about information sharing in the UK, and in the NHS specifically, though examples are drawn from the EU and the United States based on Munns and Basu’s more than four years of background research.

The book is split into three parts over six chapters. In Part I, “Introduction and Background”, the reader is first provided an overview of the emergence of the information society, data privacy and data sharing, and political and legal frameworks relating to data privacy. The authors focus on the apparent tension between individual privacy and what they call “collective transparency”, which means sharing de-identified information to improve health services for others in society. The authors’ normative position is apparent from Chapter 1’s opening sentence: “In order to realise the full potential of an information society, personal and confidential data must sometimes be shared” (p. 3). And indeed, the book proceeds to spark debate and offer new visions for sharing of personal and confidential medical data. The reason for this is that Munns and Basu believe that the values of transparency and control for patients still have not been properly considered in public policy debates. They address this lack of transparency and choice through the use of technology, which shifts patient “control” to be a positive enabler for data sharing:

…there is a strong sense that the NHS is still clinging on to the primary control of the information, without even a suggestion that the patient would have the primary control of their information. The fundamental starting point is therefore wrong and the rest of this book seeks to move the balance of control of information from the NHS to the individual for purposes other than their direct care. (p. 51)

In Chapter 2, Munns and Basu provide a critical analysis of how healthcare data is handled in the US and Europe, looking for best practices which could be applied within a framework such as that in the UK. The authors specifically choose to compare the US and Europe “because they face similar challenges, but more significantly, even with their very different health systems, both of them look to healthcare information technology as a critical means of addressing these challenges and are progressing in its adoption” (p. 53). Overall, they find that the US approach strongly supports their notion of collective transparency. In contrast, they find that in Europe, the focus is on who has the right to decide how to use information; it is about obtaining patient consent, i.e. the counter-balance to collective transparency: individual privacy. In the ensuing chapters, the authors take influence from both the US and EU models to try to achieve an optimal balance point between the two.

In Part II, “The Problem”, the reader is introduced to a “theoretical problem”. As the authors explain in Chapter 3, there are three issues necessitating change: the mindset around informational privacy, the quality and “ownership” of information, and the use of innovation. Munns and Basu argue that privacy must be reconceptualised – namely, a shift from an individualistic notion of privacy towards a societal notion. “We should take influence from the European focus on individual rights and the US focus on collective transparency […] and balance the two” (p. 101). Equally, information within health records must be standardised and understandable and information must be controlled by the patient to the extent they choose to do this. Innovation needs to be used by the patient as an impartial vehicle to deliver control – allowing the individual to control their own information and to implement or invoke the autonomy-based laws as intended. “At present technical controls within NHS information systems are designed for control by patients but are largely controlled by clinicians” (p. 101). As they explain: “The principle behind this is that when individuals have the choice of control they will be empowered to think about ‘privacy’ in a way that allows consideration of its impact on society and on their own clinical safety. Individuals can make their own informed decisions on what privacy means for them and enact these decisions directly by controlling information through innovation appropriately” (pp. 101-102). In other words, Munns and Basu believe each citizen should be able to individually define privacy for themselves when it comes to exercising decisions about with whom to share their healthcare data.

The argument is expanded in Chapter 4, where the authors discuss the irony inherent within key “Information Revolution” publications from the NHS and other organisations. Quite often, they promise choice and control to patients, yet fail to consider repositioning the control of information by individuals as an enabler. This is not a failure of the legal framework, but rather of organisational governance: “We suggest that the privacy framework per se is fit for purpose but that the way in which information is governed renders it unfit for purpose, therefore the roles of the individual and NHS need to be reconsidered” (p. 11). They propose giving patients control and choice directly for sharing of their information; the “opt-in” or “opt-out” processes administered by the NHS, as seen in the now-doomed care.data project,[1] do not allow real control for individuals. As Munns and Basu point out, other sectors have already handed control over to the individual, including the banking sector and social media sites such as Facebook, though one could counter-argue that Facebook has not been forthright in the actual extent of user control.[2]

In Part III, “The Proposed Solution”, the reader is provided a “theoretical solution”. In Chapter 5, Munns and Basu call for an “MI Information Revolution”, which allows individuals to exercise “autonomy-based law”. The solution is twofold: 1) a theoretical solution that provides a framework for options of varying levels of control over information which individuals may choose based on their individual definition of privacy (here, Munns and Basu propose four theoretical options: individualistic control, restricted access, boundaries, and sociological theories of privacy regarding individual control of health data); and 2) a practical solution, which applies technology as an “impartial vehicle” to deliver the solution. In the final Chapter 6, the authors propose their “practical technical solution”, which is Internet-based portals that operationalise the principle that collective transparency and individual privacy are complementary. The two main portals are “MIi Fit” for individuals to control and define their own concept of privacy, and “Wii Fit” for the NHS to transparently show how collective transparency is complementary to individual privacy. Through the four options envisioned concerning individual definitions of privacy, the portals are meant to provide a flexible and robust model “designed to empower patients to play a critical role in defining how their healthcare information is shared through a consent-based system” (p. 198).

Despite the occasional typo and quibble I have with some of their viewpoints, Privacy and Healthcare Data is a welcome addition to the growing literature on privacy and healthcare data. Munns’ and Basu’s solution to the theoretical and practical problems in the current context is driven by the belief “that individuals should be increasingly empowered to play a critical role in defining how their healthcare data can be collected, used, and shared across various providers” (p. 189). This is not a call for less data sharing; more control need not mean less sharing. In fact, Munns and Basu think their solution addresses the current problem regarding a lack of transparency around the benefits of sharing, which makes individuals naturally suspicious. “If individuals knew how many lives had been saved via research, some might feel differently” (p. 173). In light of NHS England’s care.data fiasco, the Google DeepMind/Royal Free London NHS Foundation Trust controversy,[3] and ongoing efforts to improve data sharing for human health and well-being, Privacy and Healthcare Data deserves a wide readership and broad debate from academic and policymaking circles to wider public deliberation. The arguments set forth are provocative and well-informed, and the proposals are certainly worthy of pilot testing within the NHS.